Fortinet-飞塔防病毒解决方案白皮书

FortiGate® -30-100 系列适合中小企业和远程办公 Datasheet 技术规格全面的网络和内容层安全解决方案企业内的混合式攻击网络安全攻击会造成企业商务的崩溃。

知识资产、收益、客户和企业信息以及其他的重要的关键资源都是攻击的目标。

随着大企业强化了网络安全，攻击的主要目标转向中小企业。

SOHO类的企业往往缺乏专业的人才和强大的体系来防御这些高精尖的攻击，同样远程和分支机构(ROBO)也普遍缺乏经验处理复杂的安全问题。

单一功能的安全产品不足以防御采用了多种手段的混合式攻击。

Fortinet公司的FortiGate系列产品把多种安全功能集成在一个平台上，能够有效地防御应用类的基于网络的攻击。

高性价比的网络安全平台FortiGate 安全平台是基于Fortinet公司的FortiASIC™ 内容处理器技术提供的一整套综合性实时安全解决方案。

涵盖了防火墙、IPSec和SSL VPN、入侵检测防御、Web内容过滤、反垃圾邮件、防病毒、反间谍件、IM和P2P 控制、DLP数据弱点管理、广域网优化以及集成的流量管理功能。

FortiGate能在保证很高的网络性能情况下提供综合安全功能，为当前的企业用户和分支办公室提供了最高性价比的安全防御平台。

全系列产品都可以实现HA功能。

它可以支持透明模式和路由模式，部分型号硬件支持交换接口和Modem接口，集成了WiFi功能和预留了支持3G/UMTS Modem的PC卡插槽。

此外，Fortinet采用的是基于设备的许可证方式，对于SOHO和ROBO企业而言，是经济有效的。

特点和益处中小企业所面临着最主要的安全问题是，如何利用有限的资源处理复杂的网络和内容层的攻击。

多合一的UTM产品能够在更高的性价比上实现多层的防御体系。

不同厂家提供的单一功能的解决方案往往过于昂贵和复杂UTM安全解决方案提供了全套的防御体系，实现单一的管理界面WiFi技术往往带来了内部攻击的危险内置的WiFi无线技术实现了在无线的层面上的安全防御SOX和PCI条例要求更为强大的日志和报表UTM能够提供多种功能，其日志和报表功能尤为丰富。

WHITE PAPERFigure 1: When deployed as part of the Fortinet Security Fabric, FortiClient can take advantage of threat-intelligence sharing to expand network visibility, detect attacks in real time, and coordinate threat response.Integrated Endpoint and Network Security Open Ecosystem Array A critical starting point to integrating endpoint and network security is an integrated, openecosystem of security solutions. Woven together to scale and adapt as business demandschange, the Security Fabric enables companies to address the full spectrum of challengesacross the expanding attack surface. Accordingly, part of the Fortinet Security Fabric,FortiClient works alongside common antivirus (AV) and endpoint detection and response (EDR)solutions. For example, users of Microsoft Windows Defender can augment their endpointprotection with FortiClient capabilities such as sandbox integration and VPN support.Endpoint Visibility and ManagementFortiClient integrates endpoint and network security, providing seamless visibility andcontrol across and between all endpoints, enforcing conditional access, and deliveringautomated threat response. It provides end-to-end visibility for both hosts and endpointdevices to help organizations harden endpoints and boost their security posture.Specifically, FortiClient simplifies endpoint management by centralizing key security tasks,identifying vulnerabilities, and correlating events to improve incident reporting. Followingare the ways FortiClient integrates endpoint and network security to provide transparentvisibility and management:Telemetry-based risk awarenessFortiClient establishes risk awareness by sharing real-time endpoint telemetry with networksecurity through the Fortinet Security Fabric. As part of this process, FortiAnalyzer collectslogs from FortiClient and other network components and incorporates global threatintelligence from FortiGuard Labs into a single pane of glass.Vulnerability managementFortiClient includes vulnerability scanning that allows IT infrastructure teams to discover andprioritize unpatched vulnerabilities. FortiClient also creates an applications inventory. Thisnot only provides visibility into software license utilization but also helps identify potentiallyunwanted applications and outdated applications for which patching support may not beavailable. All of this results in a reduced endpoint attack surface.Centralized provisioning and monitoringFortiClient allows IT infrastructure teams to deploy endpoint security software and performcontrolled upgrades to thousands of clients in just minutes, avoiding the time drain associated with manual deployment and minimizing human error. This seamless process is aided by FortiClient API integration with Microsoft Active Directory.Alert verificationIntegration between FortiClient and other security elements across the Security Fabric enables cross-referencing of events with network traffic. This feature helps to verify and triage alerts, enhancing the “signal-to-noise” ratio for incident reporting. As a result, IT infrastructure teams spend less time investigating false positives and are able to focus on identifying actual threats more accurately.Proactive risk managementOrganizations can augment their FortiClient endpoint security with an optional subscription to the FortiGuard Security Rating Service. The Security Rating Service helps IT infrastructure leaders improve their security in measurable ways and report their risk posture to executive management, boards of directors, and auditors. The Security Rating Service helps organizations understand where they stand in relation to peer organizations and accepted standards and provides actionable insights that IT infrastructure leaders can take to improve theorganization’s risk posture.Secure Remote AccessFortiClient offers IT infrastructure teams a powerful toolset for securing access by remote users, including conditional access empowered through endpoint and network integration and streamlined virtual private network (VPN 0 access) (Figure 2).Figure 2: FortiClient supports both IPsec and SSL VPN connections to provide secure remote access to remote users and branch offices.The FortiClient console allows administrators to provision VPN configurations and endpoint users to set up new VPN connections, saving time and reducing configuration errors.Conditional access empowered through endpoint and network integrationLeveraging conditional access capabilities in FortiClient, the IT infrastructure team is able to control endpoint access dynamically through virtual groups to determine access rights. Thus, as an example, only users in a finance group can retrieve information from the organization’s financial database. Yet, users in sales or engineering groups are unable to do so. Accordingly, FortiGate next-generation firewalls (NGFWs) retrieve and use FortiClient virtual groups to create firewall policies that enforce conditional access. This process is automatable since FortiGate NGFWs and FortiClient are integrated within the Security Fabric.Security enforcement also extends beyond virtual group access by automating conditional access: If an endpoint is out of compliance according to a preset condition (e.g., the device lacks a critical iOS or Android patch for a specified timeframe), FortiClient will assignthe user to a security-risk virtual group. By virtue of this designation, FortiGate NGFWs deny access to all resources except for internet connectivity. Once a user installs the required patch, FortiClient removes the user from the security-risk group, thereby restoring previous access rights.Streamlined VPN accessSecure sockets layer (SSL)/transport layer security (TLS) and IPsec VPN features inFortiClient provide secure and reliable access to corporate networks and applicationsfrom virtually any internet-connected remote location. FortiClient simplifies the remoteuser experience with built-in auto-connect and always-up VPN capability. Integration withFortiAuthenticator allows network teams to add two-factor authentication for additionalaccess security. In addition, FortiClient integrates with Microsoft Active Directory to facilitateauthentication and VPN logins using Active Directory credentials.Proactive Threat Response FortiClient leverages machine learning (ML)-based anti-malware, exploit prevention, web filtering, and sandbox integration to proactively protect endpoint devices. Here, FortiClient shares real-time threat intelligence across and between all endpoints and network securitycomponents to enable enterprisewide protection, regardless of where the threat is firstdiscovered. Threat-intelligence sharing facilitates automated responses, containingoutbreaks in near real time—thereby reducing time to containment and resolution.Automated remediationFortiClient automatically quarantines suspect devices to limit the spread of infection toother parts of the network. It also supports automatic patching for software applications andoperating systems, even when the endpoint is offline. These features help IT infrastructureleaders to ensure compliance with increasingly strict data privacy standards and industryregulations.Web filteringFortiClient delivers web security, web content filtering, and granular Software-as-a-Service(SaaS) control. In this case, it monitors browser and web application activity and enforcespolicies. FortiClient web filtering supports a variety of user devices, including Windows, Mac,iOS, Android, and Chromebook. Additionally, with FortiClient, IT infrastructure teams can seta consistent policy for devices when they are on and off the network. This enables them toavoid the time and expense needed to deploy and manage a third-party web filtering solutionor web proxy tools.Sandbox integrationFortiClient submits unknown or suspicious objects to FortiSandbox for detailed analysis.Once FortiSandbox identifies the threat, it notifies all FortiClient-protected endpoints andother security elements within the Security Fabric (Figure 3). This proactive approachallows IT infrastructure leaders to pinpoint and block unknown and zero-day threatsquickly and easily. ConclusionFortiClient facilitates deep integration between endpoint security and network security, especially when deployed as part of the FortinetSecurity Fabric. This integration strengthens not only endpoint security but also network security. At the same time, automation of endpoint security workflows and threat-intelligence sharing enables IT infrastructure leaders to streamline operations. This helps them deal with the cybersecurity skills shortage.65Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common lawtrademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be October 18, 2019 12:47 AM In addition to the above, FortiClient gives IT infrastructure teams end-to-end risk visibility based on threat-intelligence sharing and full control of security policies and responses. At the same time, it offers flexible, powerful remote access security with conditional admission and VPN support. Finally, FortiClient delivers proactive threat response with integrated, automated remediation, sandbox integration, web filtering, and interoperability with common AV and EDR solutions.Figure 3: By integrating with the Security Fabric, FortiClient automates the process of quarantining suspicious or compromised endpoints.1James Hasty, et al., “Advanced Endpoint Protection Test Report ,” NSS Labs, March 5, 2019. 2“Security Value Map: Advanced Endpoint Protection (AEP),” NSS Labs, March 2019. 3Jim Parise, “Heads Up: Cybercriminals Are Businesspeople ,” CFO, August 2, 2019.4Dionisio Zumerle, “The Long-Term Evolution of Endpoints Will Reshape Enterprise Security ,” Gartner, May 1, 2019.5“Empower Security Analysts Through Guided EDR Investigation: Bridging The Gap Between Detection And Response ,” Forrester, May 2019.6 Navanwita Sachdev, “The many motives of hackers and how much your data is worth to them ,” The Sociable, July 1, 2019.。

美国FORTINET 公司系列产品技术手册V4.0版2004年7月北京办事处地址:北京市海淀区中关村南大街２号数码大厦Ｂ座９０３室　邮编１０００８６　电话：（010）8251 2622 传真：（010）8251 2630网站：Fortinet 内部资料2004年目 录1． 公司介绍.................................................................................................................................................................4 1.1 公司背景............................................................................................................................................................4 1.2 产品简介............................................................................................................................................................4 1.3 关键技术............................................................................................................................................................4 1.4 总裁介绍............................................................................................................................................................5 1.5 业务范围 (5)2. 产品系列介绍 (6)2.1 F ORTI G ATE -50A................................................................................................................................................7 2.2 F ORTI G ATE -60...................................................................................................................................................7 2.3 F ORTI G ATE -100.................................................................................................................................................7 2.4 F ORTI G ATE -200.................................................................................................................................................8 2.5 F ORTI G ATE -300.................................................................................................................................................8 2.6 F ORTI G ATE -400.................................................................................................................................................9 2.7 F ORTI G ATE -500.................................................................................................................................................9 2.8 F ORTI G ATE -800...............................................................................................................................................10 2.9 F ORTI G ATE -1000............................................................................................................................................10 2.10 F ORTI G ATE -3000............................................................................................................................................10 2.11 F ORTI G ATE -3600............................................................................................................................................11 2.12 F ORTI G ATE -4000............................................................................................................................................12 2.13 F ORTI G ATE -5000............................................................................................................................................13 2.14 F ORTI M ANAGER 系统. (13)3. 产品功能和特点 (14)3.1 病毒防火墙新理念........................................................................................................................................14 3.2 F ORTI G ATE 系列.............................................................................................................................................14 3.3 基于网络的防病毒........................................................................................................................................15 3.4 分区域安全管理的特色...............................................................................................................................15 3.5 VPN 功能..........................................................................................................................................................15 3.6 防火墙功能.....................................................................................................................................................16 3.7 独特的内容过滤.............................................................................................................................................16 3.8 基于网络IDS 的/IDP 功能.............................................................................................................................16 3.9 VPN 远程客户端软件....................................................................................................................................17 3.10F ORTI ASIC F 技术和ORTI OS 操作系统 (17)3.10.1 高性能并行处理................................................................................................17 3.10.2 实时体系结构...................................................................................................17 3.10.3 实时内容级智能................................................................................................17 3.10.4 提供分区间安全的虚拟系统支撑.......................................................................18 3.10.5 高可用性(HA)...................................................................................................18 3.11 F ORTI G ATE 提供整体解决方案. (18)4.FORTIGATE 防火墙典型应用方案..................................................................................................................19 4.1 中小型企业防火墙应用...............................................................................................................................19 4.2 中大型企业防火墙应用...............................................................................................................................20 4.3 分布型企业防火墙应用...............................................................................................................................21 4.4 校园网安全部署应用....................................................................................................................................22 5. 销售许可证和认证证书. (23)5.1 公安部硬件防火墙销售许可证..................................................................................................................23 5.2公安部病毒防火墙销售许可证 (23)5.3中国信息安全产品测评认证中心 (24)5.4计算机世界推荐产品奖 (24)5.5中国 (24)5.6ICSA认证证书 (25)5.7在美国获奖 (26)6.技术支持方式 (27)6.1北京办事处技术支持 (27)6.1.1 技术支持、售后服务及人员培训 (27)6.1.2 服务组织结构 (27)6.1.3 技术咨询和培训 (27)6.2F ORTI P ROTECT防护服务中心 (27)6.3F ORT P ROTECT安全防护小组 (28)6.4F ORTI P ROTECT推进式网络 (28)7.说明 (29)7.1附件：公司与产品介绍资料 (29)7.2联系我们 (29)Fortinet 内部资料2004年1．公司介绍1.1 公司背景美国Fortinet(飞塔)公司是新一代的网络安全设备的技术引领厂家。

Fortinet技术白皮书Version 5.02006.03目录1．公司介绍 (5)2．产品定位 (5)2.1产品理念 (5)2.2产品概述 (6)2.3系统结构 (6)3．功能列表 (7)4．FORTIGATE系列性能 (9)4.1F ORTI G A TE-50A (9)4.2F ORTI G A TE-60 (9)4.3F ORTI W I F I-60 (10)4.4F ORTI G A TE-100 (10)4.5F ORTI G A TE-100A (10)4.6F ORTI G A TE-200 (11)4.7F ORTI G A TE-200A (11)4.8F ORTI G A TE-300 (11)4.9F ORTI G A TE-300A (12)4.10F ORTI G ATE-400 (12)4.11F ORTI G ATE-400A (13)4.12F ORTI G ATE-500 (13)4.13F ORTI G ATE-500A (13)4.14F ORTI G ATE-800 (14)4.15F ORTI G ATE-800F (14)4.16F ORTI G ATE-1000A/FA2 (15)4.17F ORTI G ATE-3000 (15)4.18F ORTI G ATE-3600 (16)4.19F ORTI G ATE-5020 (16)4.20F ORTI G ATE-5050 (17)4.21F ORTI G ATE-5140 (17)4．其他产品 (19)4.1F ORTI M ANAGER－集中安全管理平台 (19)4.2F ORTI C LIENT－主机安全软件 (19)4.3F ORTI A NALYZER－集中日志报告系统 (19)4.4F ROTI R EPORTER －安全分析报告软件 (19)4.5F ORTI M AIL －高性能邮件安全平台 (19)5．FORTIGUARD 安全服务系统 (21)5.1F ORTI P ROTECT －全球安全防护服务体系 (21)5.3F ORTI G UARD入侵检测和防御服务 (21)5.4F ORTI G UARD W EB内容过滤服务 (21)5.5F ORTI G UARD反垃圾邮件服务 (21)6. FORTINET产品特色 (21)6.1F ORTINET提供了网络安全的整体解决方案 (21)6.2F ORTINET产品技术领先 (22)6.3F ORTINET产品功能齐全 (22)6.4F ORTINET产品线完善 (22)6.5F ORTI G A TE产品应用面广适合各种领域 (22)6.6F ORTINET设计的ASIC独特 (22)6.7F ORTI G A TE作为防病毒网关产品支持多种I NTERNET协议 (22)6.8F ORTI G A TE支持中文管理界面 (22)6.9F ORTINET有高端产品适合运营服务供应商应用 (23)6.10F ORTINET服务体系完善 (23)6.11F ORTI G ATE产品性价比高 (23)6.12F ORTINET产品可以为企业带来良好的投资回报率 (23)6.13F ORTINET产品在中国得到广泛应用 (23)6.14F ORTINET获得多项国家权威机构论证证书和销售许可证 (23)6.15F ORTINET产品在中国业界获得多项奖项 (23)7．竞争分析 (25)1.F ORTI G ATE作为防火墙产品与其它同类产品相比优势突出 (25)2.F ORTINET在网络安全市场上竞争对手甚少 (25)3．F ORTINET公司引领统一威胁管理市场潮流 (25)4．市场需要UTM的理由 (25)8. 销售许可 (26)9．典型应用 (27)9.1中小型企业防火墙应用 (27)9.2中大型企业防火墙应用 (28)9.3分布型企业防火墙应用 (28)9.4校园网络安全部署应用 (29)10．成功案例 (30)10.1应用案例1 (30)10.2应用案例2 (30)10.3应用案例3 (31)10.4应用案例4 (32)10.5应用案例5 (32)10.6应用案例6 (33)10.7应用案例7 (34)11．核心技术 (37)11.1技术要点 (37)11.2病毒防火墙新理念 (37)11.3基于网络的IDP功能 (37)11.4集成VPN的安全网关 (37)11.5ASIC加速和实时操作系统 (37)11.6独特的内容过滤 (38)11.7动态威胁防御系统 (38)11.8分区域安全管理 (38)12．技术支持 (39)1．公司介绍美国Fortinet(飞塔)公司是新一代网络安全防御技术的前锋，引导着网络信息安全发展的潮流。

使用Fortinet解决方案应对BYOD带来的问题和挑战介绍携带自己的办公设备（BYOD：Bring Your Own Device）一直是倍受争议话题，如何在员工使用BYOD在生产效率的提高与BYOD给企业带来安全风险之间实现最佳的平衡。

许多员工已经在使用自己的设备进行工作。

最近的一项行业调查表明，将近75%的员工已经使用自有设备访问与工作相关的数据。

目前一代的员工将BYOD看作一种权利，安全行业的专家也将BYOD视为他们最关心的安全问题之一，在政策与技术之间寻找平衡点确保个人设备以一种可实施的方式进行使用是非常具有挑战性的。

本文将探究一些与BYOD使用相关的优势，也提出一些BYOD在部署方面的关键安全问题。

最后，探讨基于网络的BYOD 部署以及和为什么网络是BYOD实施的最好场所。

BYOD带来的安全挑战BYOD有很多直观的优势：提高了生产率，降低生产成本，提高了员工的认可。

虽说这些好处相当具有吸引力，随之也有很多与部署BYOD环境相关的严重挑战。

与BYOD相联系的挑战可以迫使公司机构严格评估其安全状况和基础设施，必须考虑应对以下每一个挑战。

失控许多员工发现,对于移动设备往往不同于如同桌面设备必须遵守严格的公司政策。

利用这个政策的空白，许多员工使用其移动设备访问视频流文件和其他应用程序，这些应用程序的使用有悖于公司的标准政策。

随着移动设备提供了一种可以绕过公司规定的应用程序访问限制和员工行为准则，对企业网络的带宽造成了压力且降低了生产率。

增加了数据丢失的潜在可能性由于移动设备的使用不受传统的实体企业的规定的限制，潜在的数据丢失显著增加。

移动设备的用户面临的威胁包括恶意软件感染的风险，因疏忽或是恶意共享关键业务数据，甚至是移动设备丢失或被盗。

此外，公共环境中还存在以窃取无防护数据为唯一目的的流氓无线网络。

设备间不一致的安全政策另一个挑战是公司机构因不同的移动设备而不能指定有效统一的移动设备安全访问管理政策。

1.系统威胁导言今天各个组织所面临的最大的苦恼是，如何描述所遇到的攻击和购买什么样的技术手段来发防御它们。

例如：“应用层”究竟意味着什么，“蠕虫攻击、蠕虫和恶意软件有什么区别”。

“应用”或者称为“应用层”是最容易混乱的概念了。

例如，谁是“应用层”攻击的制造者？或者说制造商的产品具有“应用层”防护能力，意味着什么？从某种意义上讲，OSI的七层模型仅仅是对网络通讯进行模块化描述（见图1）。

换句话说，它仅仅是停留在网络通讯的模型层面上，而对实际通讯(比如电子邮件、web浏览器和SAP)等没有什么实际作用。

即使象“SMTP”和“HTTP”这些通常被当作典型“应用层”的，实际上也是要确保高级别层次的应用能够和各种环境进行通讯。

但是，更为复杂的是，确实确实有一些“网络层应用”是符合七层协议的，比如说Telnet和FTP。

但是这些协议却更加深入地证明了“应用层”这个概念是多么地容易被误解的或错误地使用。

OSI的模型从信息安全角度来看这表明什么呢？与该文章相关的关键点在于：●在解释“应用层的攻击”和“应用层的防御”的概念时候一定要小心，尤其是在市场材料中使用。

目前没有定义好的或通用的概念。

●OSI的“应用层”确实是和网络层和传输层有所区别的，他们主要体现于网络通讯。

例如，攻击对以下应用仍旧是有危害的：各种工具类应用的代码和命令（比如浏览器、web服务器、数据库），各种可以重新封包或修改的软件（比如Word和SAP），以及个人数据（比如个人保健信息等）。

最有效和最精确的方法是：面向通讯的攻击和防御方法，面向文件的攻击和防御方法，面向数据的攻击和防御方法。

2. 攻击的生命周期分析与前面讨论概念不同的是，本章节将清楚地描述攻击工作方式。

和澄清“应用层”和“基于网络”的概念一样，讨论攻击的方法和作用对采用什么样的手段阻止它们是非常重要的。

我们认为攻击一般是由以下四步组成的：1、传递是指一个攻击如何从源到目标的。

本地执行的攻击往往是要靠手工导入和加载执行感染文件的。

FORTINET－下一代网络安全防御下一代网络安全防御1FORTINET－下一代网络安全防御目录概览 ............................................................................................................................................................................... 3 简介 ............................................................................................................................................................................... 4 企业与服务提供商面临的安全挑战.............................................................................................................................. 5 旧有的威胁从未远离 ............................................................................................................................................. 5 加速演变的新威胁................................................................................................................................................. 5 基于 web 的攻击增加数据泄漏的损失 ................................................................................................................ 5 Web2.0 应用 ........................................................................................................................................................ 6 传统防火墙不再有效 ..................................................................................................................................... 6 迁移到下一代网络 ......................................................................................................................................... 7 安全演进的下一步：新一代安全平台 .......................................................................................................................... 7 下一代安全技术 .................................................................................................................................................... 7 应用控制 ........................................................................................................................................................ 8 入侵检测系统（IPS） .................................................................................................................................. 11 数据丢失防御（DLP） ................................................................................................................................. 13 网页内容过滤............................................................................................................................................... 15 双栈道 IPv4 与 IPv6 支持.............................................................................................................................. 16 集成无线控制器 ........................................................................................................................................... 16 集中管理 ...................................................................................................................................................... 17 核心安全技术 ...................................................................................................................................................... 18 防火墙 － 状态流量检测与数据包过滤 ..................................................................................................... 18 虚拟专用网 (VPN)........................................................................................................................................ 18 URL 过滤 ....................................................................................................................................................... 19 反病毒/反间谍软件 ..................................................................................................................................... 20 反垃圾邮件 .................................................................................................................................................. 22 结论 ............................................................................................................................................................................. 23 关于 Fortinet ................................................................................................................................................................ 24 关于 FortiOS................................................................................................................................................................. 242FORTINET－下一代网络安全防御概览自从几年以前Gartner提出“下一代防火墙”的概念以来，许多网络安全厂商争先恐后将下一代防火墙作 为所生产防火墙产品的一个种类，但这却造成了不同的结果。

Fortinet飞塔Fortigate 防火墙功能介绍集成了一个5个端口的交换机，免除使用外5个端口的交换机，免除使用外接HUBFortiGate-60CWAN 链接，支持冗余的互联网连接，集成了一个病毒防火墙对小型办公室是理想的解决办法。

FortiGate的特点是双可以自动由For了流量控制，增强了网络流量能力。

FortiGate 在容量、速率、和性价比方面对小型商务，远程商店、宽带通信点都是理想的。

FortiGate或交换机，使得联网的设备直接连接到对小型办公和分支机构企业提供All-in-One保护。

FortiGate 病毒防火墙是专用的基于ASIC的硬件产品，在网络边界处提供了实时的保护。

基于Fortinet的FortiASIC? 内容处理器芯片，FortiGate平台是业界唯一能够在不影响网络性能情况下检测病毒、蠕虫及其他基于内容的安全威胁，甚至象Web过滤这样的实时应用的系统。

系统还集成了防火墙、VPN、入侵检测、内容过滤和流量控制功能，实现具有很高性价比、方便的和强有力的解决方案。

双DMZ端口对web 或邮件服务器提供了额外的网络区域，和对网络流量的增加的控制具有单个安全和接入策略无线接入点增加tiProtectTM网络实现攻击数据库的更新，它提供持续的升级，以保护网络不受最新的病毒，蠕虫，木马及其他攻击，随时随地的受到安全保护。

产品优势：1.提供完整的网络保护：综合了基于网络的病毒防御，Web和EMail内容过滤，防火墙，VPN，动态入侵检测和防护，流量管理和反垃圾邮件功能检测和防止1300多种不同的入侵，包括DoS和DDoS攻击，减少了对威胁的暴露基于ASIC的硬件加速，提供优秀的性能和可靠性2.保持网络性能的基础下，在邮件，文件转送和实时Web流量中消除病毒，蠕虫，和灰色软件／间谍软件的威胁3.自动下载更新病毒和攻击数据库，同时可以从FortiProtectTM网主动“推送”更新容易管理和使用—通过图形化界面初始建立，快速简便地配置指南指导管理通过FortiManagerTM集中管理工具，管理数千个FortiGate设备。

Operational Technology, Secure no MoreWHITE PAPERSecure your cyber and physical assetswith Fortinet and NTTThe mindsetthe same vulnerabilities.Challenges of OT cybersecurityProtecting converged OT/ITThe rise in recent cyberattacks on industrial production facilities highlights the difficulties faced by OT teams.The new realities of OT/IT network convergence necessitate a new cybersecurity approach based on the real world.It’s not that we can’t connect the dots. We can’t see the dots.The head of the US National Security Agency and Cyber Criminal Command in March 2021.3““House dividedAccept the new realitiesConverge OT/IT networks to match threatsOutdated cybersecurity toolsCybersecurity skills gapComplacencyThe tsunami on the horizonA converged OT/IT security requires a common strategy and an integrated approach. Unfortunately, in most organizations, OT and IT teams are separated and report to different CXOs.OT/IT teams need to set aside old notions that air-gapped networks provide good protection, especially whencoupled with firewalls. Today, sophisticated intruders can access OT networks through endpoints such as sensors, gauges, laptops, or even USB devices. Enterprises need to fortify firewalls with web apps firewalls, anomaly detection, AI/ML real-time monitoring and alerts.Cybersecurity threats are a great equalizer that does not differentiate between IT and OT environments. Enterprises need to adapt their security teams and posture to meet the daily threats.Security teams are overwhelmed by the high attack frequency and lack of funding or the threat detection and response tools needed to perform their work efficiently.The pool of available security talent is getting smaller, and OT teams have to compete against better-funded and more attractive opportunities.Despite the known insider risks, 54% of organizations do not have an insider risk response plan!4The arrival of 5G will revolutionize factory floors, thereby expanding the industrial surface of attack. Furthermore, the worldwide electric grid is about to experience a massive surge of demand driven by demand for renewable energy and electric vehicles (EVs). Morgan Stanley anticipates renewables in the U.S. growing to 60% of energy generation and EVs making up 33% of the market by 2040.5Fortinet and NTT have you coveredSecuring your connected universe requires a holistic view of cybersecurity risks, a new matching security posture and architecture, and an integrated physical and cyber protection solution. Fortinet and NTT managed security solutions offer all the elements enterprises need for a converged OT/ITcybersecurity protection. NTT’s services include 24/7 monitoring, detection and response to potential threats. The managed services free your IT teams to focus on business initiatives.Understand risksAdopt a comprehensive security postureNTT security consulting services identify security vulnerabilities associated with the OT and IT networks and map the risk to the operational level. Several bodies establish standards for guiding the industry, including the National Institute of Standards and Technology , theEuropean Union’s Directive on Security of Network and Information Systems (NIS Directive), and the International Electrotechnical Commission (IEC 62443). The standard benchmarks help identify risks and how they relate to OT environments. Fortinet is an active contributing member of industry standards groups, including NIST. These benchmarks and the identified risks guide organizations in prioritizing steps that can quickly reduce risks and maintain operational uptime.A robust security posture offers access management, protection for all assets and visibility into the entire edge-to-cloud environment, including industrial IoT endpoints. Fortinet and NTT managed security solutions provide the tools enterprises need to secure their cyber and physical footprints. Authenticated access to all endpoints and computers is an essential part of Fortinet’s security architecture. NTT security solutions offer visibility into the security network state by passively observing the OT network, creating an updated and comprehensive inventory of everynetwork segment, device, application version, connectivity between devices and security score. Also, NTT performs real-time behavior analytics that identifies normal and abnormal activities. These capabilities enhance the harmful malware and othermanagement (SIEM) to record allcommands and activities.ongoing operations.Fortinet Security FabricPurdue enterprise referencearchitecture modelBroad visibility of the entire digital attack surface to better manage risk Integrated solution that reduces the complexity of supporting multiple point productsAutomated workflows to increase speed of operations and responseFabric Management CenterOpenEcosystemFortiGuard ThreatIntelligence1. October 2020. Cybersecurity & Infrastructure Security Agency, “Alert AA20-275A).”2, 4. Code42 December 2020. “code42 Data Exposure Report.” 3. WSJ PRO Cybersecurity March 26, 2021. “NSA Chief Says Recent Hacks Expose Limits of U.S. Cyber Protections.”5. CNBC PRO March 31, 2021. “Electric grid spending is an “overlooked” opportunity, says Morgan Stanley.”Sources:NTT and Fortinet partner together to provide a wide range of expertise to help organizations protect their OT/IP networks and operations:The Fortinet-NTT partnership enables organizations to protect their converged OT systems from IT networks’ endemic threats while reducing disruptions and lowering operating expenses. Fortinet and NTT help their customers assess, design, plan, implement and manage their converged OT/IT plans. The offerings includemanaged services for monitoring and management to keep customers’ OT/IT environments safe from bad actors.Fortinet provides the technology solution through the Fortinet Security Fabric, an integrated and automated security architecture that delivers visibility, control and real-time traffic analysis to neutralize threats proactively.NTT offers managed services that protectcustomers’ data and infrastructure. The managed services cover monitoring and managed security services that reduce risks and minimize the impact of malicious cyberattacks.NTT provides business and technology advisory services delivered by cybersecurity experts with industry-specific knowledge of OT networks. NTT teams also bring regional experience that enables clients to plan and execute their cybersecurity journey with minimal to no business risks.NTT offers the OT Cybersecurity ExcellenceCenter to identify best fit technologies, implement and monitor systems for ongoing integrity and protection.The rising and more sophisticated cyber threats require new OT/IT converged cybersecurity strategies that protect digital assets, defend against threats and rapidly recover from successful attacks.““Next stepsFor additional information on how to start your journey to a converged OT and IT cybersecurity operations, visit and explore how you can protect your cyber and physical assets.。

应用及流量控制白皮书基本于深度检测的应用监控和管理互联网经过十几年的高速发展，已经成为人们工作、生活中不可缺少的一部分。

聊天软件、网页视频、P2P下载、网上炒股、VoIP语音等丰富多彩的互联网应用给我们带来便利的同时，也带来了很多问题，如员工上班时间使用与工作无关的应用严重影响了工作效率、P2P下载让原本有限的带宽资源更加紧张等，如何对互联网应用进行监视和控制、如何提高带宽利用率已成为大多数企业急待解决的问题。

目前互联网上的应用很多都在浏览器中或其它应用程序中运行，很多应用还可以使用多种端口传输，因此，通过在防火墙上禁止或允许应用的TCP和UDP端口来控制应用的方法已不再有效。

FortiOS的深度检测功能可以基于包特征识别应用，阻止有害应用、保障正常应用的同时，还可以对每个单独的应用进行限速和认证。

FortiOS 的应用控制功能结合基于内容的UTM功能——包括入侵检测、防病毒、信息漏洞防护等，可以为企业提供深层次的、最全面的安全防护。

FortiOS应用控制传统防火墙只能通过源/目的IP地址、端口识别网络流量，并通过这些属性来对流量进行控制。

但如果需要对某种应用产生的流量进行控制，传统的方法则无能为力。

每种应用产生的流量都有其相应的独一无二的特征值，FortiOS应用控制功能可以识别出这些特征值，并通过特征来定位流量是来自哪种应用。

应用控制功能基于入侵保护系统的协议解码器实现，相比入侵保护功能，应用控制功能界面更友好、功能更丰富。

目前，FortiOS的可以识别1000种以上的应用、服务及协议。

FortiOS应用控制技术可以提供用户网络内各种应用占用网络带宽情况的图形报表。

通过分析可视化图形报表，可对非法的应用进行阻止，对允许通过的应用进行流量限制、病毒检测、入侵保护或其它可以针对应用开启的UTM功能。

应用程序使用排行榜根据当前流量情况实时展现，除了可显示应用的流量、会话排名外，还可以显示应用流量对应的源、目的IP地址。

WHITE PAPERFortinet Technology Cybersecurity Solutions Bolstering Protection Against Advanced Cyber Threats While Optimizing Cost and EfficiencyThe Fortinet Security Fabric delivers a broad, integrated, and automated security solution with end-to-end integration that brings centralized visibility and control spanning the entire organization. A wide array of Fortinet cybersecurity tools integrates seamlessly into the Security Fabric, along with dozens of third-party solutions delivered by Fabric Partners. Additionally, an open ecosystem and extensive application programming interface (API) tools give technology companies options regarding the integration of other tools. This provides flexibility for an ever-changing threat landscape and a rapidly evolving marketplace.The Security Fabric is built on the foundation of FortiGate Next-Generation Firewalls (NGFWs) and artificial intelligence (AI)-powered threat intelligence from FortiGuard Labs. FortiManager and FortiAnalyzer, along with tools for security orchestration, automation, and response (SOAR) integrate seamlessly to enable a strategic and coordinated responseto advanced threats. FortiClient and FortiEDR advanced endpoint security tools and FortiNAC network access control protect endpoints and IoT devices at the network edge. Physical security can be added to the Fabric with FortiCamera and FortiRecorder.The Fortinet Security Fabric enables technology companies to move from a tactical stance toward cybersecurity to a strategic one. Companies can make informed decisions about best practices based on real-time information and advanced analytics. And an automated approach to security processes, threat response, and compliance reporting maximizes operational efficiency while improving security.Figure 1: The Fortinet Security Fabric.CloudSecurityOpenEcosystemFortiGuardThreatIntelligenceSecureNetworkingManufacturing floor cybersecurityIT and OT are increasingly co-dependent, and many technology companies were early adopters of this trend. Supervisory control and data acquisition (SCADA) systems are often based on older technology, and connection to the internet wasnot envisioned when they were designed. As a result, many SCADA systems have vulnerabilities that are not easily fixed. Compounding the risk, IoT devices that measure and convey critical information at the manufacturing facility are often headless, meaning that security patches cannot be applied.To protect these critical but vulnerable systems, plant managers and security teams need to achieve centralized visibility into the entire cybersecurity infrastructure, from IT to OT. They must also be able to segment the network according to business need and centrally control both wired and wireless networks.The Fortinet Security Fabric provides centralized visibility and control acrossthe IT and OT systems of technology companies. FortiGate NGFWs, includingthe FortiGate Rugged Series for different environmental needs, provide the foundation for integration of OT into the security architecture. The intent-based segmentation capabilities included in FortiGate NGFWs enable IT and OT networks to be intelligently segmented to support zero-trust access and prevent lateral movement of threats. FortiNAC helps companies track and protect their IoT devices. Further, SOAR tools and FortiAnalyzer help organizations automate security response strategically, improving efficiency and helping stop threats thatNearly three-fourths (74%) of workers say they want to continue to work remotely following the pandemic, regardless of their business’s hybrid work plans.7move at machine speed.The Fortinet Security Fabric enables technology companies with manufacturing operations to integrate the security architecture across IT and OT environments, unlocking automation and optimizing operational efficiency. This can protect the manufacturing floor against both targeted and recycled threats and minimize production disruptions that impact the bottom line.Remote workforceThe start of the pandemic sent tech company employees home and IT teams scrambled to support and secure a fully remote workforce. Even though companies are shifting to hybrid and even going back to fully on-site work models, there are still many remote or frequently traveling workers.To preserve employee productivity, users need the same access in a residence, an airport, or a hotel room that they would have if they were sitting in a company office. Yet, providing such access introduces cybersecurity risk—especially for companies that operate with a perimeter-based approach to security. To provide secure remote access, companies must adopt a holistic approach to cybersecurity that includes a zero-trust approach to access, making no distinction between “trusted” internal traffic and traffic from the outside. Robust network segmentation must be bolstered by behavior-based ways to detect when user accounts and devices are compromised.Our work-from-anywhere (WFA) solution enables technology companies to provide extensive access to remote workers while protecting network segments that specific employees do not need. Fortinet Zero Trust Network Access (ZTNA) safely connects users to applications no matter where the user is located and no matter where the application is hosted. FortiAuthenticator and FortiToken identity and access management solutions help companies limit access to authorized users. FortiGate intent-based segmentation enables the network to be divided according to business need, enabling zero-trust access. Advanced endpoint protection tools, such as FortiEDR (endpoint detection and response) and FortiClient, help prevent infiltration through the endpoint devices used by remote workers.These Fortinet solutions enable technology companies to provide full and secure access to remote workers while protecting corporate assets against attacks from remote locations.Secure branch networksTechnology companies often have small and large branch offices around the world. Many have large overseas locations that are involved in resource-intensive work like R&D—often in coordination with managers residing at headquarters. Secure and reliable connections between these sites and headquarters are often critical for time-sensitive projects.The multiprotocol label switching (MPLS) infrastructure that traditionally provided connectivity to branch offices is expensive, cumbersome, and difficult to scale. As hybrid-cloud networks grow, network traffic increases, and workers at branch locations frequently notice latency in cloud-based services. And as companies struggle when they try to prioritize traffic, the latency can apply to a company’s most-critical applications.In response to these problems, companies are rapidly adopting software-defined wide-area networks (SD-WAN), which enable network traffic to travel on the public internet. To keep such a network secure, SD-WAN technology should ideally be integrated with the cybersecurity infrastructure—and with the networking infrastructure at the branch.Fortinet Secure SD-WAN technology is included in FortiGate NGFWs, enablinghighly secure and cost-effective connections on the public internet, but also over a virtual WAN (vWAN) within select public clouds. At the branch, Fortinet SD-Branch solutions extend the SD-WAN solution to the access layer. This enables secure networking at branches and consistent security coverage from the internet to the wireless network, down through the switching infrastructure.Fortinet solutions for secure branches enable companies to provide secure, high-performance networking with branches, with multiple choices for routing of traffic depending on volume. This helps support network performance at branches while protecting the network against intrusions that enter through branch locations.The vast majority (98%) of security professionals report that relying on multiple cloud providers creates additional security challenges.8Multi-cloud securityTechnology organizations were early adopters of cloud-based services, and most now operate in multiple public and private clouds. And in many cases, their most valuable and sensitive data is contained within this hybrid-cloud infrastructure. As organizations adopt services across this distributed architecture, the default is to leverage the built-in cybersecurity tools offered by each cloud provider.However, these solutions do not communicate with one another, and indeed have different underlying structures. The result can be multiple security silos—one for each cloud provider, one for the private cloud infrastructure, and one for the corporate data center. This makes centralized visibility and automation impossible. The result can be team members being pulled away from strategic projects to do manual work when compliance audit reports are due.To address this lack of visibility and operational inefficiency, organizations must unify the security architecture from the hybrid cloud to the data center. Policy management must be consistent across the board, and threat intelligence should be made available across the company in real time.Fortinet Cloud Security solutions accomplish these objectives by providing a single-pane-of-glass view of the entire cloud infrastructure. They feature native integration with all major public cloud providers, broad protection to cover all elements of the attack surface, and management and automation features that enable consistent, timely threat detection and response through automation.Fortinet enables technology companies to protect disparate cloud-based applications and infrastructure in a consistent way—with multiple layers of cybersecurity protection. As a result, technology companies can confidently deploy any service in any cloud at any time.Fortinet DifferentiatorsIntegrated platformThe Fortinet Security Fabric is built on a flexible platform based on FortiOS, a purpose-built operating system. On this foundation, technology companies can build an end-to-end, integrated security architecture from the data center to the network edge to multiple clouds. Multiple Fortinet tools integrate into the Security Fabric, and third-party solutions canbe added seamlessly via Fabric Connectors. Other third-party products can be integrated with a Fortinet open API and a library of API tools.High performance and low latencyFortiGate NGFWs provide the industry’s best performance during secure sockets layer/transport layer security (SSL/TLS) inspection and experience extremely low latency rates—even in demanding technology industry networks. With 95% oftraffic now encrypted across Google,9 this ensures that a necessary function does not impact operations.Branch location networking and securityFortinet offers comprehensive Secure SD-WAN technology, along with cybersecurity infrastructure for branch locations that eliminates the need for expensive MPLS bandwidth, provides optimal security, and improves network performance.Insider threat protectionFortinet delivers a comprehensive and multilayered solution to guard against insider threats with identity and access management supplemented by NAC, intent-based segmentation, deception technology, and user and entity behavior analytics (UEBA)—all integrated for centralized visibility and control.Robust threat intelligenceFortiGuard Labs delivers near-real-time protection based on threat intelligence from a large global network of firewalls andan AI-powered self-evolving detection system (SEDS). This results in extremely accurate, real-time identification of zero-day and unknown threats before they can cause problems on a network.ConclusionTechnology companies deliver digital innovation to their customers, but their brands can be tarnished quickly if their products lack quality, have technical glitches, or do not have adequate cybersecurity protection. By helping to thwart the tactics of a variety of threat actors, the Fortinet Security Fabric helps prevent these outcomes. As a result, technology organizations can focus on what they do best: innovate and delight customers.1 “2021 Cost of a Data Breach Report,” Ponemon Institute and IBM Security, July 28, 2021.2 “The Ultimate List of Internet of Things Statistics for 2022,” FindStack, February 15, 2022.3 “Understand the risk of IoT vulnerabilities in the remote work era,” SC Magazine, February 4, 2022.4 “2021 Cost of a Data Breach Report,” Ponemon Institute and IBM Security, July 28, 2021.5 “How Tech Companies Can Boost Cyber Defenses: Building a Cyber-First Culture,” eWeek, September 20, 2021.6 “Intellectual Property Enforcement,” U.S. Department of State, April 26, 2021.7 “Top cybersecurity statistics, trends, and facts,” CSO, October 7, 2021.8 “Multi-cloud environments creating additional security challenges,” HelpNetSecurity, July 15, 2021.9 “Google Transparency Report,” Google, accessed April 19, 2022. Copyright © 2022 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.April 28, 2022 8:01 AM。

IntroductionVirtualization is generally the first step when business paces from traditional data center onto the cloud migration journey. Cloud by definition is a pool of API resources that can be rapidly provisioned or released through cloud service providers’ APIs for enabling ubiquitous, elastic, scalable, on-demand access to a shared pool of configurable compute, networking, and storage resources. The nature of “software-defined” everything in the cloud makes it easier to implement with great privileges and yet come even greatresponsibility for security implementation. Cloud migration is not a one-way street, and it’s very common to see hybrid cloud deployments based on business workloads coexisting in the enterprise both on premise and at hosted cloud providers.Securing Your Public and Hybrid CloudScale and Segment Cloud Security on DemandFortinet Cloud Security enables organizations to securely and elastically scale protection to their private, public, and hybrid cloud infrastructure and workloads, and to segment both within the cloud andbetween endpoints, enterprisenetworks, and the cloud.FIGURE 1: SECURITY FOR THE CLOUDSecurity Paradigm ShiftUnlike an organization independently building a data center infrastructure, cloud-based infrastructure as a service (IaaS) is built and aggregated through pools of resources and is designed to be elastic to scale with organizational demand. The leasing and subscription model changes how security is designed and implemented, as cloud consumption transitions from traditional CAPEX to OPEX in the public cloud. The security paradigm shifted from protecting a big-perimeterFIGURE 2: SECURITY PARADIGM SHIFTEDwalled garden to micro-segmented security control of business workloads. IT infrastructure becomes shifted from end-to-end complete data center ownership to owning just enough for the workload to operate in the cloud. IT architecture becomes shifted from static approaches to elastic capacity with on-demand metering consumption. This paradigm shift applies to both cloud ingress/egress (northbound-southbound) and lateral (eastbound-westbound) network traffic flow.According to Gartner’s strategic planning assumptions on “How to Make Cloud IaaS More Secure Than Your Data Center”:n n Through 2020, workloads that exploit public cloud IaaScapabilities to improve security protection will suffer at least 60% fewer security incidents than those in traditional data centers.n n Through 2020, 95% of cloud security failures will be thecustomer’s fault.n n Through 2020, 99% of vulnerabilities exploited will continueto be ones known of by security and IT professionals for atleast one year.As the cloud IaaS technology continues to evolve and mature, the majority of the security responsibility falls on how thebusiness secures and governs the applications and data on cloud IaaS.Well-defined Roles in Securing the Public CloudFor securing the public cloud, it is imperative to follow the “Shared Responsibility” model as espoused by industry groups like the Cloud Security Alliance (CSA) and providers including Amazon AWS and Microsoft Azure. These can be divided into two components — Security OF the Cloud and Security IN the Cloud .Security OF the Cloud comprises what the cloud provider, such as AWS and Azure, will provide. This represents literally all data center components for the cloud IaaS.FIGURE 3: SHARED RESPONSIBILITY - REDUCE SECURITY COST + MAINTAIN FLEXIBILITY , ACCESS, AND CONTROLSecurity IN the Cloud comprises what cloud tenants are responsible for implementing with their security solutions.Legacy security technologies coming into the cloud are still using appliance-based solutions, host-based agents, and manual audits. To achieve a truly consistent security posture in the cloud, businesses need to make the new mentality shift to move critical data away from the monolithic host-centric security model and start leveraging components available from public cloud-based web services. Rather than simply acquiring standalone security appliance that introduce security management challenges, they should instead consider cloud security solutions with centralized management and visibility across all deployment nodes. Point solutions today withoutextensions into cloud APIs are due to fail when they hit the point of scaling elastically in the cloud.Fortinet Security Solutions for Public CloudsCloud deployment is not meant to replicate what it’s done in the traditional data center. Fortinet has purposefully built cloud appliances for Amazon Web Services (AWS) CloudFormation or Microsoft Azure Resource Manager (ARM) templates to take advantage of cloud API-driven functionalities.The Fortinet Security Fabric-ready APIs fully support AWS and Azure and help extend the security intelligence across the cloud. Fortinet further embraces AWS Auto Scaling web services to provide better capacity planning through automation.With a global presence across all regions in public clouds,Fortinet further helps customers and partners meet their security goal of providing applications and data close to their geographical user bases. Geopolitical compliance can be further provided through Fortinet FortiOS intelligence and reporting.Fortinet Security Fabric for the CloudThe Fortinet Security Fabric extends Fortinet’s cloud securitysolutions across the entire enterprise attack surface.Virtualization is a core component of the security fabric that enables applications and data to be delivered efficiently in an on-demand manner through software-defined orchestration. Business workloads can be replicated and automated through preconfigured templates to increase agility and high availability.It is also critical to have single-pane-of-glass management and to own the control plane over cloud resource abstraction, so that businesses can embrace this new dynamic, automated, services-oriented architecture and improve control and visibility in varying cloud deployments.FIGURE 4: FORTINET SECURITY FABRIC FOR CLOUD SECURITYFortinet supports on-demand hourly and annual metering subscriptions in the cloud marketplace, as well as bring your own license (BYOL) for perpetual consumption. As clouds are driven by the need to reduce CAPEX and OPEX expenditures. Fortinet provides the broadest set of service-driven portfolios that can be deployed in micro-segmented clouds without compromising holistic security intelligence.The key principles of cloud security implementation in the Fortinet Security Fabric are:n n Scalable – high-performance firewalls and network securityappliances that scale from IoT to branch offices to the enterprise campus to the hybrid cloudn n Aware – integrated with underlying cloud infrastructure tobe aware of dynamic changes in the cloud environment and to provide seamless protectionn n Secure – micro-segmentation and internal segmentation inthe hybrid cloud extended with end-to-end segmentation across the entire attack surfacen n Actionable – integrated into SIEM and other analytics inprivate and public clouds, with the ability to orchestrate changes to FortiGate and other Fortinet security policy/posture automatically in response to incidents and eventsn n Open – built on an extensible platform with programmaticAPIs (REST and JSON) and other interfaces to integrate with hypervisors, SDN controllers, cloud management, orchestration tools, and software-defined data center and cloudHybrid IT InfrastructureA hybrid cloud that mixes on-premise data centers/private clouds with public clouds requires rigorous management. Fortinet helps organizations build a cohesive securityinfrastructure that is easy to deploy, manage, and extend. Using the fabric-ready API framework, Fortinet seamlessly integrates orchestration and automation to work across the mixed cloud environments. This increased agility, flexible consumption, and automation help DevOps teams own the control plane and respond to changes in the cloud environment more efficiently. Fortinet helps maintain consistency in security posture across clouds with a familiar look and feel in tools and resources. By extending the data center with consistent management,organizations can get enterprise-grade performance and security in the data center and in the cloud, as well as meet changing business needs with greater flexibility and capacity on demand.FortiGate Security PlatformThe FortiGate family of physical and virtual security appliances provides the foundation for securing private and public cloud environments. High-end physical FortiGate appliances provide highly scalable north-south data center firewall and network security protection at the edge or core of the private cloud. Virtual FortiGate appliances provide north-south protection for public clouds, as well as east-west segmentation within and across the hybrid cloud.All FortiGate physical and virtual security appliances share a common FortiOS firmware with consolidated multi-function security, from firewall to intrusion prevention to next-genfirewall to anti-malware to web filtering, and more, and receive consistent FortiGuard threat and content updates fromFortinet’s fully in-house FortiGuard Labs threat research team.Fortinet Virtual AppliancesIn addition to the flagship FortiGate platform, nearly a dozen other Fortinet security and networking solutions are available, not just as physical appliances but also as virtual appliances,from web application security to sandboxing to analytics to application delivery, for deployment in private and public cloud environments.Agile Software-Defined SecurityFortinet’s Security Fabric for the clouds enables orchestration and automation of both physical and virtual FortiGate security appliances in the hybrid cloud. Through a rich set of RESTful and other programmatic APIs, FortiGate appliances can be tightly orchestrated and automated with leading software-defined cloud platforms.Orchestration in the Public CloudFortiGate security solutions are tightly orchestrated with leading public clouds like AWS and Azure to provide on-demand provisioning, pay-as-you-go pricing, elastic auto-scaling, and unified security analytics that enhance protection and visibility in the public cloud environment.Single-Pane-of-Glass Visibility and ControlA workload should have the same secure and compliant posture regardless of whether it is running in a private cloud or public cloud, or whether it may migrate from one to another in a hybrid strategy. Fortinet’s central management solutions, including FortiManager and FortiAnalyzer, provide a single consolidated view of security policies, governance reporting, and event monitoring regardless of physical, virtual, or cloud infrastructure, and across private, public, and hybrid clouds.ConclusionRapid enterprise adoption of private and public clouds is driving the evolution of cloud security. Agile and elastic cloud security solutions need to fundamentally scale protection and segmentation within and across cloud environments. Fortinet’s FortiGate security platform and cloud security solutions secure private, public, and hybrid clouds, and extend protection seamlessly via the Fortinet Security Fabric across the entire enterprise from IoT to data center to cloud.Copyright © 2016 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other resultsmay vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, GLOBAL HEADQUARTERS Fortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +/salesEMEA SALES OFFICE 905 rue Albert Einstein Valbonne06560, Alpes-Maritimes, FranceTel +33 4 8987 0500APAC SALES OFFICE 300 Beach Road 20-01The Concourse Singapore 199555Tel: +65.6513.3730LATIN AMERICA SALES OFFICE Paseo de la Reforma 412 piso 16Col. Juarez C.P . 06600 México D.F.Tel: 011-52-(55) 5524-8428。

WHITE PAPERExecutive SummaryAs the threat landscape becomes more advanced and cybersecurity talent becomesmore scarce, partnering with a managed security service provider (MSSP) is anincreasingly attractive option for many organizations. In order to take advantage ofthis opportunity, MSSPs must be able to cost-effectively deliver a broad range ofsecurity services. Having a plethora of unconnected point products on the back endworks against this goal. The Fortinet Security Fabric delivers a broad, integrated, andautomated security architecture that enables delivery of effective, comprehensivesecurity services with minimal cost and staff time. It even affords MSSPs anopportunity to expand into networking services, expanding their footprint at existingsites and growing a base of new clients.The cybersecurity skills shortage,1 coupled with the cost and hassle of maintaining 24×77 coverage of an increasingly complex infrastructure, have made MSSPs increasinglyattractive to companies of all sizes. One recent analysis projects that companies will spendmore than $58 billion on managed security services by 2024,2 reflecting more than a 14%annual growth rate.This trend represents an unprecedented opportunity for MSSPs. Providers with a broad set of offerings can increase their footprint at existingclient sites, and recruit new clients with the promise of being able to meet their current and future needs.3 But to take advantage of this growingmarket need, MSSPs must deliver the right mix of security services cost-effectively—and in ways that align with the business needs andpriorities of their target customers.Fortinet MSSP partners reduce risk and minimize the impact of cyberattacks by providing managed security and monitoring services toprotect enterprise data, infrastructure, and users—regardless of who, where, when, and how IT assets are accessed. They extend thesecurity operations of the enterprise by bridging people, skills, process, and technology.Fortinet offers a broad portfolio of integrated and automated security tools that cover network security, cloud security,4 application security,5access security, and network operations center (NOC) and security operations center (SOC) functions.6 The ability to bridge security andnetworking on the same platform is a big advantage for MSSPs, enabling them to offer a broad, single-provider solution and increasingaverage revenue per user (ARPU).Key MSSP Cybersecurity ChallengesVisibilityA lack of visibility is one reason that many businesses are turning to MSSPs for help in defending against attacks. They find themselves in this positionbecause over time, they have responded to the growth of the attack surface by deploying unconnected point products, resulting in a disaggregatedsecurity architecture. This lack of visibility increases risk, as the organization often does not even know when it has been attacked.8 Providing end-to-end visibility is an essential capability for MSSPs seeking to meet the service expectations of their target customers. In the absence of visibility, fast-moving intrusions may cause harm before a response can occur, negating all efforts to maintain an effective security posture.9 To deliver a value add to customers, MSSPs need to achieve end-to-end visibility across each customer’s environment and provide that visibility to them via a customer portal.Operational efficiencyThe point of a managed service is to take advantage of economies of scale to deliver services more cost-effectively than a customer could. But if the MSSP’s services are delivered inefficiently, they will not be profitable. Lack of integration across different security elements and architectural fragmentation increase operational inefficiencies. Without integration and automation, many securityworkflows must be managed manually.10 This certainly increases risk, but it can also slowDevOps cycles, degrade customer and employee experience, and increase administrativeoverhead and operational costs.End-to-end integration, on the other hand, enables the MSSP to deliver broad serviceswhile optimizing staff time and budgetary resources, maximizing margins and potentiallyincreasing ARPU. Silos are eliminated, and the MSSP’s customers receive the mostcomplete security protection possible.Breadth of offeringsOffering a broad suite of security services to customers enables an MSSP to meet theneeds of more current and potential customers. This potentially increases ARPU throughthe opportunity to upsell in specific accounts. It also enables the organization to competefor business from potential new customers that are looking for a comprehensive set ofservices under one umbrella.11Adding functionality via unintegrated point products results in technology sprawl witheach product operating in its own silo, which necessitates manual correlation withexisting services. Ironically, it could mean that customer accounts that leverage more services would be less profitable than those that use fewer services, inhibiting business growth. On the other hand, MSSPs whose offerings are powered by a broad, integrated, and automated security architecture can customize their offerings to each customer’s needs. And every newly added service on an account increases both ARPU and profits.Threat intelligence and analyticsIn today’s advanced threat landscape, customers need real-time access to robust threat intelligence to counter attacks that move at machine speed. In addition to a customer’s own security logs, many subscribe to threat-intelligence feeds pulled from large networksof firewalls around the world, but it is a challenge to aggregate this data across a fragmented security architecture in time to deliver adequate speed of response.Customers also expect data-driven advice from the professionals they are paying to manage their security infrastructure—a challenge for MSSPs operating in disaggregated environments. In such an environment, providing advice to customers is an expensive proposition, and the insights gained are less valuable due to inevitable human error in the analysis.Use CasesManaged Secure SD-WAN ServiceThe rapid growth of software-defined wide-area networking (SD-WAN) over the past few years12 affords MSSPs an incredible opportunity. MSSPs now have easy access to tools that can increase their footprint at customer sites by expanding into networking services. The opportunity is equally attractive to customers, as it enables them to scale their network traffic using the public internet without paying for new multiprotocol label switching (MPLS) bandwidth. But security is a big challenge for companies consideringSD-WAN, as network traffic moving on the public internet opens a big new element of the attack surface.Other SD-WAN offerings are often based on point products that are purchased and administered separately from a security solution. This can increase operating costs, reduce margins, degrade security, and reduce the overall quality of the service. FortiGate Secure SD-WAN combines complete security and robust networking performance in a single platform, enabling MSSPs to broaden their reach profitably. Such an offering also provides the potential for an MSSP to expand its services to secure networking at branch locations—again without adding additional point products. Fortinet SD-Branch includes FortiGate next-generation firewalls (NGFWs) combined with switching, wireless access, and network access control tools to provide complete connectivity and security protection at remote offices.Offering managed secure SD-WAN services powered by Fortinet brings a number of advantages to MSSPs: nn The opportunity to grow ARPU at existing customer sites by expanding into networking services to, from, and within branch locationsn The ability to grow this new business over time with a lack of expensive additional contracts and deployments required nn Operational efficiency and enhanced profitability by delivering the service via a fully integrated, multi-tenant toolsetnManaged SOC ServiceNot every company can afford to have a full-fledged SOC. Designing and building out the space,hiring a team, and providing 24×7 staffing and hardware and software maintenance on anongoing basis is an expensive proposition. Unfortunately, the cybersecurity skills shortagemeans that the problem is only getting worse.13That said, the enhanced security, visibility, and actionable insights that can be derivedfrom a SOC are important for the business. MSSPs can fill this gap by delivering a rangeof services from their own SOC. These services can be offered at specific levels or astailored services for individual customers’ needs.For example, many customers benefit from managed security information and eventmanagement (SIEM) services because of the deep visibility and analytics they provide.And managed detection and response services can leverage artificial intelligence(AI)-driven threat intelligence and indicators of compromise (IOC) feeds to add layersof protection to customer environments. Customers can even have their own log-incredential to view the analytics for themselves.The Fortinet Security Fabric, powered by FortiGate NGFWs, enables MSSPs to build afull-spectrum SOC with end-to-end integration across the entire architecture. Numerous“In the modern times we live in, formulating new strategies, and remedying existing security measures to combat the changing threat landscape, is of the utmost importance. Keeping this in mind, MSSPs serve as the Holy Grail solution that the cybersecurity realm needs today!”14security tools from Fortinet and third-party Fabric Partners integrate seamlessly into the Fabric. Additionally, the open architecture and robust representational state transfer application programming interface (REST API) enable MSSPs to integrate other solutions to fill niche needs or maximize investment in legacy tools.Delivering managed SOC services using the Fortinet Security Fabric brings these benefits to MSSPs:n n The ability to offer comprehensive services without managing a plethora of point productsn n The benefit of real-time, AI-powered threat intelligence along with other layers of protection against unknown threatsn n Operational efficiency and enhanced profitability by delivering the service via a fully integrated, multi-tenant toolse tFigure 1: A broad, integrated, and automated security architecture from Fortinet helps MSSPs deliver a wide range of services, including managed SD-WAN services, managed SOC services, and managed cloud security services.Managed Cloud Security ServiceThe explosion in the use of the public cloud by businesses of all sizes does not seem tobe slowing. In fact, Software-as-a-Service (SaaS) spending alone is expected to exceed$80 billion this year15—an annual growth rate of more than 17%. Unfortunately, the rapidadoption of sprawling cloud infrastructures increases security operations complexity fororganizations, and the result is often that cloud-based applications are vulnerable. Onekey driver of risk is the misconfiguration of cloud-based systems.16With the right infrastructure, MSSPs can offer comprehensive cybersecurity protectionfor all services running on multiple clouds. Alternatively, they can offer protection on anapplication-by-application basis using a Web Application Firewall (WAF)-as-a-Servicemodel. Both approaches can increase an MSSP’s footprint at customer sites. As theyoffer more cloud security services within an account, operational efficiencies derived fromend-to-end integration can increase their margins.17 Fortinet offers robust, cloud-native tools to bring MSSP customers’ entire distributed cloudinfrastructure together under a single umbrella, with consistent security protection, policymanagement, and configuration management. FortiGate VM brings the NGFW to avirtual machine form factor that works well for cloud environments, and the FortiWeb web application firewall (WAF) is available in several form factors as well, including SaaS. The FortiCASB cloud access security broker (CASB) service and the FortiCWP cloud workload protection (CWP) tool deliver visibility, compliance, threat protection, and configuration management across the cloud infrastructure.A managed cloud security service powered by Fortinet brings these advantages to MSSPs:nn Security tools native to each cloud bring a consistent set of security policies and practices to all customer cloud deploymentsn In-line, real-time threat intelligence in FortiWeb enables instant, automated response to security eventsnn Operational efficiency and enhanced profitability by delivering the service via a fully integrated, multi-tenant toolsetnFortinet Differentiators for MSSPsRobust, broad-based security products and services to enable a comprehensive menu of services for MSSP customers from a single platform. This can result in higher ARPU and broader revenue opportunities. At the same time, Fortinet Network Security Expert (NSE) training gives MSSPs a consolidated training model for a broad set of security and networking products under management—and a way to differentiate their services.Multiple product consumption models offer MSSPs and their customers the flexibility they need to secure their data, infrastructure, and applications in the most optimal way. Different Fortinet solutions are available in appliance, virtual machine, cloud, and SaaS form factors. MSSPs can also leverage special pricing programs such as pay-as-you-go and subscriptions, providing the flexibility to address different business models supporting their service offerings.Recognized leadership in network security, named a Leader in the Gartner Magic Quadrant for Network Firewalls,18 and scoring best among nine vendors in the NSS Labs Next-generation Firewall Security Value Map.19 This unparalleled performance enables MSSPs to reduce their capital expenses (CapEx) spend, and a smaller security and network footprint to deploy and manage lowers operational expenses (OpEx) costs.The ability to leverage investments in third-party products via integration through the Fabric Alliance, open APIs, and a robust REST API. This enables MSSPs with rapid scale to remove friction and increase the speed of service rollouts.Security solutions designed as multi-tenant from the ground up, enabling MSSPs to isolate but still manage multiple customer networks from a single console. This increases ARPU while improving operational efficiencies.ConclusionAs customers look to MSSPs to help them with seemingly intractable cybersecurity challenges, offering limited, cookie-cutter, or disconnected services is not a good way to build business. But MSSPs that base a broad set of services on the Fortinet Security Fabric have the opportunity to become a one-stop shop for security services—and a trusted advisor to a growing client base.Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet , FortiGate , FortiCare and FortiGuard , and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be November 18, 2019 9:37 PM 1Mekhala Roy, “Effects of cybersecurity skills shortage worsening, new study says ,” TechTarget, May 10, 2019.2“Managed Security Services Market is Expected to Exceed US$ 58 billion by 2024,” MarketWatch, February 27, 2019.3Christophe Voilque, “MSSP 2.0: How to Launch or Expand Managed Security Services with the Fortinet Security Fabric ,” Fortinet, March 27, 2019.4“Key Principles and Strategies for Securing the Enterprise Cloud: A Cloud Security Blueprint ,” Fortinet, December 3, 2018.5“Fortinet Web Application Security for the Cloud ,” Fortinet, March 19, 2019.6“Bridging the NOC-SOC Divide: Understanding the Key Architectural Requirements for Integration ,” Fortinet, August 23, 2018.7Scott Matteson, “To stay competitive, MSSPs need to grow and evolve ,” TechRepublic, January 16, 2019.8John Maddison, “The Problem with Too Many Security Options ,” Fortinet, May 9, 2019.9 Derek Manky, “The Evolving Threat Landscape—Swarmbots, Hivenets, Automation in Malware ,” CSO, August 29, 2018.10“Network Complexity Creates Inefficiencies While Ratcheting Up Risks: Understanding the Causes and Implications ,”Fortinet, June 1, 2019.11“Managed Security Services’ Value Is Scale ,” Channel Futures, May 14, 2019.12Andy Patrizio, “Enterprises are moving to SD-WAN beyond pilot stages to development ,” Network World, May 7, 2018.13Jon Oltsik, “Is the cybersecurity skills shortage getting worse?” CSO, May 10, 2019.14Rebecca James, “How Can MSSPs Thrive in the Growing Time of Complex Cyber Threats?” Infosecurity, October 29, 2019.15Louis Columbus, “Roundup Of Cloud Computing Forecasts And Market Estimates, 2018,” Forbes, September 23, 2018.16Asher Benbenisty, “Don’t Go Once More Unto the Breach: Fix Those Policy Configuration Mistakes ,” Infosecurity, October 30, 2018.17“Industry leaders struggle to balance digital innovation and security ,” Help Net Security, April 4, 2018.18“FortiGate Network Firewalls Give MSSPs Another Reason to Select Fortinet ,” Fortinet, September 24, 2019.19 “Independent Validation of Fortinet Solutions: NSS Labs Real-world Group Tests ,” Fortinet, January 2019.。